The software described in this documentation is either in Extended Support or Sustaining Support. See for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.

1.4.8 Configuring Dnsmasq to Support PXE Clients

Dnsmasq is designed to act as a DNS forwarder, DHCP server, and TFTP server for small networks. You can use dnsmasq as an alternative to configuring separate DHCP and TFTP services. For more information about dnsmasq, see the dnsmasq(8) manual page, /usr/share/doc/dnsmasq-version, and

To configure dnsmasq for PXE client installation requests:

  1. Install the dnsmasq package.

    # yum install dnsmasq

  2. Edit /etc/dnsmasq.conf and configure entries for PXE clients and other systems on the network, for example:


    The lines in the sample configuration file do the following:


    Listen for incoming client requests on interface eth1 only.


    Reserve a pool of generally available IP addresses in the range through on the 10.0.0/24 subnet with a six-hour lease.


    A dhcp-range setting is required to enable the DHCP service provided by dnsmasq. If you want to configure static addresses but not an address pool, specify a static network address and the keywords static and infinite, for example:


    Reserve the IP address with infinite lease time for svr1, which is identified by the MAC address 08:00:27:c6:a1:16.


    Specify the location of the boot-loader file required by PXE clients. This example supports BIOS-based PXE clients. An entry that supports UEFI-based clients might take the following form:


    If you want to use a separate TFTP server instead of dnsmasq, specify its IP address after the boot-loader path, for example:


    Enable the TFTP service provided by dnsmasq.


    Specify the root directory for files served by TFTP. To prevent clients from accessing any file on the host, dnsmasq rejects requests that specify .. as a path element.

  3. If you configure dnsmasq to provide the TFTP service:

    1. Create the TFTP server directories, for example:

      # mkdir -p /var/lib/tftpboot/pxelinux/pxelinux.cfg

    2. Copy the installation kernel and ram-disk image files to the TFTP server directory hierarchy, for example:

      # wget \
        -O /var/lib/tftpboot/pxelinux/vmlinuz
      # wget \
        -O /var/lib/tftpboot/pxelinux/initrd.img

      This example uses HTTP to obtain the files from an installation server.

    3. If you want to support BIOS-based PXE clients, install the syslinux package and copy the pxelinux.0 boot loader to the TFTP server directory hierarchy.

      # yum install syslinux
      # cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/pxelinux/pxelinux.0

      If you want to support UEFI-based PXE clients, copy the BOOTX64.efi boot loader and splash image files to the TFTP server directory hierarchy, for example:

      # wget \
        -O /var/lib/tftpboot/efi/BOOTX64.efi
      # wget \
        -O /var/lib/tftpboot/efi/splash.xpm.gz

    4. Create the default boot loader configuration file, for example efi/efidefault or pxelinux/pxelinux.cfg/default.

      For more information, see Section 1.4.9, “About Boot-Loader Configuration Files”.

    5. If SELinux is enabled in enforcing mode on your system, use the semanage command to define the default file type of the TFTP server directory hierarchy as tftpdir_t and then use the restorecon command to apply the file type to the entire directory hierarchy, for example:

      # /usr/sbin/semanage fcontext -a -t tftpdir_t "/var/lib/tftpboot(/.*)?"
      # /sbin/restorecon -R -v /var/lib/tftpboot

      The semanage and restorecon commands are provided by the policycoreutils-python and policycoreutils packages.

  4. If you want dnsmasq to act as a caching-only name server, configure a name server entry for that precedes other name server entries.

    Dnsmasq ignores the entry and forwards DNS queries to the other listed name servers. If the NetworkManager service is enabled, you can configure name service entries by using the graphical applet, the nm-connection-editor utility, or the system-config-network utility. Otherwise, you can configure name server entries directly in /etc/resolv.conf, for example:


  5. Start the dnsmasq service, and configure it to start after a reboot.

    # service dnsmasq start
    # chkconfig dnsmasq on

    If you make any changes to /etc/dnsmasq.conf, restart the dnsmasq service. You do not need to restart the service if you change the content of boot loader configuration files.

  6. Configure the firewall:

    1. Allow access by DHCP requests, for example:

      # iptables -I INPUT -i eth1 -p udp --dport 67:68 --sport 67:68 -j ACCEPT

      In this example, the server expects to receive requests on interface eth1.

    2. If you enable the TFTP service in dnsmasq, allow access by TFTP requests:

      # iptables -I INPUT -i eth1 -p udp --dport 69 -j ACCEPT

    3. If you want dnsmasq to act as a caching-only name server, allow access by DNS requests:

      # iptables -I INPUT -i eth1 -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
      # iptables -I INPUT -i eth1 -p udp -m udp --dport 53 -j ACCEPT

    4. Save the configuration:

      # service iptables save
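
A pre-start check for the settings described in this procedure, as an added example that is not part of the Oracle documentation: it reads one dnsmasq configuration file and reports a missing interface, dhcp-range, dhcp-boot or tftp-root entry, or a boot loader that is absent from the TFTP root. The function names and the sample configuration (TEST-NET-1 addresses) are constructed for illustration, and the check assumes all settings are in the single file it is given.

```shell
# Added example, not Oracle's code: audit a dnsmasq.conf for the PXE settings in
# this section. Prints one line per finding and returns 1 if there are any.

# Print the value of the first uncommented "OPTION=value" line in FILE.
opt_value() { sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1; }

# True if OPTION appears uncommented in FILE, with or without a value.
has_opt() { grep -Eq "^[[:space:]]*$2[[:space:]]*(=|\$)" "$1"; }

# Record one finding.
flag() { echo "$*"; rc=1; }

# Constructed sample config; the addresses are from the TEST-NET-1 range.
write_sample() {   # write_sample FILE TFTP_ROOT
    cat > "$1" <<EOF
interface=eth1
dhcp-range=192.0.2.101,192.0.2.200,6h
dhcp-boot=pxelinux/pxelinux.0
enable-tftp
tftp-root=$2
EOF
}

audit_dnsmasq_pxe() {   # audit_dnsmasq_pxe FILE
    conf=$1 rc=0
    has_opt "$conf" interface  || flag "interface: not set, dnsmasq is not limited to one interface"
    has_opt "$conf" dhcp-range || flag "dhcp-range: not set, the DHCP service is not enabled"
    boot=$(opt_value "$conf" dhcp-boot)
    [ -n "$boot" ] || flag "dhcp-boot: not set, PXE clients get no boot-loader path"
    has_opt "$conf" enable-tftp || return "$rc"
    root=$(opt_value "$conf" tftp-root)
    if [ -z "$root" ]; then
        flag "tftp-root: not set, TFTP is not confined to one directory"
    elif [ ! -d "$root" ]; then
        flag "tftp-root: $root is not a directory"
    else
        # A dhcp-boot value without a comma names no separate TFTP server, so
        # dnsmasq itself must find the boot loader under tftp-root.
        case $boot in
            ''|*,*) ;;
            *) [ -f "$root/$boot" ] || flag "dhcp-boot: $root/$boot does not exist" ;;
        esac
    fi
    return "$rc"
}
```

After sourcing the functions, run `audit_dnsmasq_pxe /etc/dnsmasq.conf` once the TFTP directory hierarchy is populated and before starting the service; no output and a zero exit status mean every check passed.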

For information about configuring and using kickstart to perform automated installation, see Chapter 3, Installing Oracle Linux by Using Kickstart.